On 01/25/2012 06:03 AM, Karsten 'quaid' Wade wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/24/2012 03:40 PM, Ewoud Kohl van Wijngaarden wrote:
I have no experience with mediawiki + openid myself, but maybe giving it a go and monitor it would be good enough for now.
Possible downsides: - Spammers use openid to spam
Possible upsides: - More open to new people - People can use a single account for both gerrit and the wiki
Since the wiki edits are also shown on IRC I think spam would be caught fast enough and in the worst case the change could be reverted.
That's a good point, the wiki edits are watched that way more carefully.
What would our reaction be if we started to see spam edits via OpenID accounts?
* Can we easily disable those accounts? * Would we revert to not using OpenID? ** Sometimes spammers seem to be doing test-spam on a wiki, so a few scattered edits might be preparation for an onslaught.
Also consider all this in terms of who is taking care of the wiki. We don't (yet?) have enough individuals or a team that seem to be taking on any wiki management tasks.
So a spamming situation could rally such folks, but it could also kill the energy while in the crib by overwhelming it with spam pages from incrementally more spam accounts.
I'm reacting a bit here to e.g. more wiki pages being incorrectly named than not, so a lot of wiki gardening required still. OTOH, I am very much in favor of lowering barriers as much as we can. I'd like to proceed with this discussion and just figure out a way to counterbalance the risks, etc.
can we separate the openid support for authentication (so people can user same user/password) from authorization (can an openid account do something)? so we would still have the process of an existing user has to give edit permissions to an openid user?